Blackduck integration with SonarQube

Please provide detail help for integration of BLACKDUCK with SONARQUBE . If you can provide some documentation with images it would be easy for me to integrate .

Hey there.

No first party integrations (from SonarSource), but I believe whoever makes Blackduck might provide something. A google search for “Blackduck SonarQube” will probably get you more answers than this forum. :slight_smile:


1 Like

BlackDuck works similar to SonarQube. You execute a scanner which pushes results to a server. Without the server it does not work. I don’t see any option how such integration could work.


My colleague found this: Black Duck SonarQube.

The interesting part is:

Note that Black Duck SonarQube does not perform a Black Duck scan, but instead examines an already-scanned Black Duck project, gathers its Black Duck Bill of Materials (BOM) components, and compares the matched files from the Black Duck to the local files.

It sounds that you have to:

  • SonarQube side:
  • CI side:
    • perform BlackDuck analysis
    • perform SonarQube analysis

For me the goal of the integration is to only make BlackDuck results visible in SonarQube.

The analysis must be executed in a row, so the whole build time will increase. I’m not sure if seeing the same results in the a different tool is worth it, but it is your decision :slight_smile: